diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
index be0b2fe..079f381 100644
--- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java
+++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
@@ -262,61 +262,81 @@ public class SecurityConfig { final OidcUserService delegate = new OidcUserService(); return (userRequest) -> { - OidcUser oidcUser = delegate.loadUser(userRequest); - Integer userId = null; + try { + log.info("=== OIDC User Service called ==="); - // Debug: Print all claims - log.debug("=== ID Token Claims ==="); - oidcUser.getIdToken().getClaims().forEach((key, value) -> - log.debug("{}: {}", key, value) - ); - log.debug("======================"); + OidcUser oidcUser = delegate.loadUser(userRequest); + log.info("OIDC User loaded successfully"); - Set mappedAuthorities = new HashSet<>(oidcUser.getAuthorities()); + Integer userId = null; - User user = null; + // Debug: Print all claims + log.debug("=== ID Token Claims ==="); + oidcUser.getIdToken().getClaims().forEach((key, value) -> + log.debug("{}: {}", key, value) + ); + log.debug("======================"); - String workdayId = oidcUser.getAttribute(workdayClaim); - String email = oidcUser.getAttribute(emailClaim); + Set mappedAuthorities = new HashSet<>(oidcUser.getAuthorities()); - String firstName = oidcUser.getAttribute(firstnameClaim); - String lastName = oidcUser.getAttribute(lastNameClaim); + User user = null; + String workdayId = oidcUser.getAttribute(workdayClaim); + String email = oidcUser.getAttribute(emailClaim); - if (identifyBy.equals("email") && email != null && !email.isEmpty()) { - log.debug("Fetch user by email {}", email); - user = userRepository.getByEmail(email); - } else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) { - log.debug("Fetch user by workday id {}", workdayId); - user = userRepository.getByWorkdayId(workdayId).orElse(null); - } + String firstName = oidcUser.getAttribute(firstnameClaim); + String lastName = oidcUser.getAttribute(lastNameClaim); - if (user != null) { - userId = user.getId(); - } else { - if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) { - var isFirstUser 
= userRepository.count() == 0; - user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser); - userId = userRepository.update(user); + log.info("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}", + email, workdayId, firstName, lastName); - } else { - log.debug("Unable to create user {} / {}", email, workdayId); - mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE")); + if (identifyBy.equals("email") && email != null && !email.isEmpty()) { + log.debug("Fetch user by email {}", email); + user = userRepository.getByEmail(email); + } else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) { + log.debug("Fetch user by workday id {}", workdayId); + user = userRepository.getByWorkdayId(workdayId).orElse(null); } - } - if (user != null) { - user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName())); - user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase()))); - } + if (user != null) { + userId = user.getId(); + log.info("User found with ID: {}", userId); + } else { + if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) { + log.info("Creating new user"); + var isFirstUser = userRepository.count() == 0; + user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? 
generateRandomWorkdayId() : workdayId, isFirstUser); + userId = userRepository.update(user); + log.info("New user created with ID: {}", userId); + } else { + log.warn("Unable to create user - email: {}, firstName: {}, lastName: {}, workdayId: {}", + email, firstName, lastName, workdayId); + mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE")); + } + } - return new LccOidcUser( - mappedAuthorities, - oidcUser.getIdToken(), - oidcUser.getUserInfo(), - "preferred_username", - userId - ); + if (user != null) { + user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName())); + user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase()))); + } + + log.info("=== OIDC User Service completed successfully ==="); + + return new LccOidcUser( + mappedAuthorities, + oidcUser.getIdToken(), + oidcUser.getUserInfo(), + "preferred_username", + userId + ); + + } catch (Exception e) { + log.error("=== FATAL ERROR in oidcUserService ===", e); + log.error("Exception type: {}", e.getClass().getName()); + log.error("Exception message: {}", e.getMessage()); + log.error("Stack trace:", e); + throw e; // Re-throw to maintain Spring Security behavior + } }; }
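Review bot: The new `log.info("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}", ...)` line and the `log.warn("Unable to create user - email: {}, firstName: {}, lastName: {}, workdayId: {}", ...)` line write personal data from the ID token into the application log at INFO/WARN on every login, where the previous version only emitted these values at DEBUG; production log pipelines are rarely handled as PII stores, so the claim values should drop back to `log.debug("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}", email, workdayId, firstName, lastName);` and the INFO/WARN lines should carry only the resolved user id or the fact that no user could be created. In the catch block the same exception is logged with its stack trace twice (`log.error("=== FATAL ERROR in oidcUserService ===", e)` and `log.error("Stack trace:", e)`), and `e.getMessage()` on an OAuth2/OIDC failure may echo the provider's error response, so a single `log.error("oidcUserService failed", e);` before the rethrow is sufficient. The lookup branch `userRepository.getByEmail(email)` still maps a login to a local account purely on the `email` claim; if the provider can issue ID tokens with an unverified email, an attacker who registers a victim's address at the IdP would be mapped to the victim's account, so the `email_verified` claim presumably should be checked before that branch (confirm against the IdP's claim contract). The lambda is the body of a method whose signature and `delegate` setup begin before this hunk.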